?php/** * 案例标题Kubernetes部署 * 说明K8s deployment/service/configmap yaml配置含滚动更新、资源限制、健康探针 * 需要安装的包无需PHP包这是K8s YAML配置文件 */// k8s/namespace.yaml /* apiVersion: v1 kind: Namespace metadata: name: hyperf-prod # 生产环境独立namespace和其他业务隔离 labels: env: production */// k8s/configmap.yaml /* apiVersion: v1 kind: ConfigMap metadata: name: hyperf-config namespace: hyperf-prod data: APP_ENV: prod APP_NAME: HyperfApp DB_HOST: mysql-service # 用K8s service名做域名 DB_PORT: 3306 DB_DATABASE: hyperf_prod REDIS_HOST: redis-service REDIS_PORT: 6379 SERVICE_PORT: 9501 */// k8s/secret.yaml /* apiVersion: v1 kind: Secret metadata: name: hyperf-secrets namespace: hyperf-prod type: Opaque data: # 值要base64编码echo -n yourpassword | base64 DB_PASSWORD: U3Ryb25nUGFzc3dvcmQxMjMh # StrongPassword123! DB_USERNAME: aHlwZXJm # hyperf REDIS_PASSWORD: cmVkaXMxMjM # redis123 */// k8s/deployment.yaml /* apiVersion: apps/v1 kind: Deployment metadata: name: hyperf-app namespace: hyperf-prod labels: app: hyperf-app version: v1.0.0 spec: replicas: 3 # 跑3个Pod挂掉一个还有两个顶着 selector: matchLabels: app: hyperf-app strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 # 更新时最多多起1个新Pod maxUnavailable: 0 # 更新时不允许有不可用的Pod零停机发布 template: metadata: labels: app: hyperf-app version: v1.0.0 spec: containers: - name: hyperf-app image: registry.company.com/hyperf-app:latest # 你的镜像仓库地址 imagePullPolicy: Always # 每次都拉最新镜像 ports: - containerPort: 9501 # 从ConfigMap和Secret注入环境变量 envFrom: - configMapRef: name: hyperf-config - secretRef: name: hyperf-secrets # 资源限制防止单个Pod吃掉所有资源 resources: requests: memory: 256Mi # 至少保证256M内存 cpu: 250m # 至少0.25个CPU limits: memory: 512Mi # 最多用512M超了就OOM Kill cpu: 500m # 最多用0.5个CPU # 存活探针检测进程是否还活着失败就重启容器 livenessProbe: httpGet: path: /health port: 9501 initialDelaySeconds: 30 # 启动30秒后才开始检查给够启动时间 periodSeconds: 10 # 每10秒检查一次 failureThreshold: 3 # 连续失败3次才重启 # 就绪探针检测是否可以接收流量失败就从Service摘掉 readinessProbe: httpGet: path: /health port: 9501 initialDelaySeconds: 15 # 15秒后开始检查就绪 periodSeconds: 5 failureThreshold: 3 # 优雅关闭收到SIGTERM后等60秒让请求处理完 lifecycle: preStop: exec: command: [/bin/sh, -c, sleep 10] # 等10秒让LB感知到要下线 terminationGracePeriodSeconds: 70 # Pod终止最多等70秒 # 镜像仓库认证 imagePullSecrets: - name: registry-secret */// k8s/service.yaml /* apiVersion: v1 kind: Service metadata: name: hyperf-service namespace: hyperf-prod spec: selector: app: hyperf-app # 选择带这个标签的Pod ports: - port: 80 # Service对外暴露80 targetPort: 9501 # 转发到Pod的9501 protocol: TCP type: ClusterIP # 集群内部访问配合Ingress对外暴露 */// k8s/hpa.yaml 水平自动扩缩容 /* apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: hyperf-hpa namespace: hyperf-prod spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: hyperf-app minReplicas: 3 # 最少3个Pod maxReplicas: 20 # 最多20个流量大自动扩 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 70 # CPU超过70%就扩容 */// app/Controller/HealthController.php namespaceApp\Controller;useHyperf\DbConnection\Db;useHyperf\HttpServer\Annotation\Controller;useHyperf\HttpServer\Annotation\GetMapping;useHyperf\Redis\Redis;#[Controller]classHealthController{publicfunction__construct(privateRedis$redis){}/** * K8s探针会打这个接口要快速响应不能超过探针超时时间 */#[GetMapping(path:/health)]publicfunctioncheck():array{$checks[appok];// 检查数据库连通性try{Db::select(SELECT 1);$checks[db]ok;}catch(\Exception$e){$checks[db]error;// DB挂了就绪探针会失败K8s会把Pod摘出去}// 检查Redis连通性try{$this-redis-ping();$checks[redis]ok;}catch(\Exception$e){$checks[redis]error;}// 有任何依赖挂了就返回503K8s就绪探针会把这个Pod下线$allOk!in_array(error,$checks);return[status$allOk?ok:degraded,checks$checks];}}